<?php
require('connect.php');
include 'constants.php';


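// Replaces the statistics row of one player with the values sent in the POST body.
// Flow: validate the fields, check the request hash, then delete any existing
// row for the user and insert the new one.
//
// NOTE(review): the hash is sha1(user_id . PRIVATE_KEY), so it covers user_id
// only. The statistics values are not authenticated and the hash for a given
// user never changes between requests. Covering every field (for example with
// hash_hmac() over the whole payload plus a nonce or timestamp) needs a
// matching client change and is not done here.

// Every field used below must be present and must be a plain string. PHP turns
// "name[]=..." parameters into arrays, which must never reach the hash
// comparison or the SQL text.
$required_fields = array(
	'user_id',
	'hash',
	'stars',
	'games_played',
	'level_games_played',
	'custom_games_played',
	'challenge_games_played',
	'levels_completed',
);

foreach ($required_fields as $field)
{
	if (!isset($_POST[$field]) || !is_string($_POST[$field]))
	{
		echo "something not set";
		return;
	}
}

$hash = $_POST['hash'];
$user_id = $_POST['user_id'];

$our_hash = sha1($user_id . PRIVATE_KEY);

// Strict comparison: the previous strcmp(...) != 0 test treated a NULL result
// (returned by old PHP versions for a non-string argument) as a match.
// hash_equals() is constant-time; it is used when the runtime provides it
// (PHP >= 5.6), otherwise an exact string comparison is the fallback.
$hash_matches = function_exists('hash_equals')
	? hash_equals($our_hash, $hash)
	: ($our_hash === $hash);

if (!$hash_matches)
{
	echo "hash incorrect";
	return;
}

// Escape every value before it is placed inside a quoted SQL literal.
// NOTE(review): assumes connect.php has already opened the mysql link and set
// its character set with mysql_set_charset() - confirm. The mysql_* extension
// was removed in PHP 7; moving to PDO or mysqli prepared statements also means
// changing connect.php, which is not visible from this file.
$user_id_sql = mysql_real_escape_string($user_id);
$stars_sql = mysql_real_escape_string($_POST['stars']);
$games_played_sql = mysql_real_escape_string($_POST['games_played']);
$level_games_sql = mysql_real_escape_string($_POST['level_games_played']);
$custom_games_sql = mysql_real_escape_string($_POST['custom_games_played']);
$challenge_games_sql = mysql_real_escape_string($_POST['challenge_games_played']);
$levels_completed_sql = mysql_real_escape_string($_POST['levels_completed']);

$getRecordQuery = "SELECT user_id FROM statistics WHERE user_id = '" . $user_id_sql . "'";

$deleteUserQuery = "DELETE FROM statistics WHERE user_id = '" . $user_id_sql . "'";

$insertQuery = "INSERT INTO statistics (user_id, stars, games_played, level_games, custom_games, challenge_games, levels_completed ) 
VALUES ('" . $user_id_sql . "','" . $stars_sql . "','" . $games_played_sql . "','" . $level_games_sql . "','" . $custom_games_sql . "','" . $challenge_games_sql . "','" . $levels_completed_sql . "')";

$result1 = mysql_query($getRecordQuery);

// mysql_query() returns false on failure; stop instead of passing false on to
// mysql_num_rows().
if ($result1 === false)
{
	echo "database error";
	mysql_close();
	return;
}

// The player already has a row: remove it so the insert below replaces it.
// NOTE(review): the delete and the insert are two separate statements, so a
// failure between them leaves the player without a row.
if (mysql_num_rows($result1) > 0)
{
	if (mysql_query($deleteUserQuery) === false)
	{
		echo "database error";
		mysql_close();
		return;
	}
}

if (mysql_query($insertQuery) === false)
{
	echo "database error";
}

mysql_close();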
